Yeah, it takes the cracker to have the phone and a very high resolution image of THAT finger. .

More then likely there is a nice figure print. More then likely the one that is also used to unlock the device already on the home button anyway.. Sprint little light powder on it and a piece of masking tape should let anyone in.. This isnt a how to.. this is just common sense..

SO if you want to keep it safe, dont make your unlock finger your thumb.. THUMB = DUMB
Use a finger that is not used to push the home button.

They should have had that 9 dot pass code thingy. Then again it would eventually were a path (scratches) out in the screen from repeated use..

SO if you want to keep it safe, dont make your unlock finger your thumb.. THUMB = DUMB
Use a finger that is not used to push the home button.

Then I'm dumb. Look, as far as I'm concerned, if someone wants into my iPhone badly enough to lift my prints and make a fake fingerprint, then I have a much bigger problem at hand with WHY they want in that badly. I have no doubt that there are some people who may have information on their phone that "interested parties" may go to such lengths to get at. I'm not one of them... I'm a nobody. If it was just a casual thief who snagged it while not looking, I'd have it locked down with "Find my iPhone" before they even have time to lift a print, much less digitize in and print it.

Then I'm dumb. Look, as far as I'm concerned, if someone wants into my iPhone badly enough to lift my prints and make a fake fingerprint, then I have a much bigger problem at hand with WHY they want in that badly. I have no doubt that there are some people who may have information on their phone that "interested parties" may go to such lengths to get at. I'm not one of them... I'm a nobody. If it was just a casual thief who snagged it while not looking, I'd have it locked down with "Find my iPhone" before they even have time to lift a print, much less digitize in and print it.

Exactly just because it could be done, done not mean anyone is going to bother.

"Fingerprints and any other security methods can conceivably be 'hacked' (not that its usually a practical or realistic "hack") but people who focus on that miss the point badly: your car can still get stolen even with the best alarm; your house can still get robbed even with every door locked and bolted. The idea is to REDUCE YOUR RISK by setting up enough barriers that a thief will go for the easier pickings. Between the passcode, fingerprint, Activation Lock and Find My iPhone, Apple has *successfully* reduced the attractiveness of stealing an iPhone. Without making it one bit harder for users to use. THAT is the point."

In another life, we use to joke about fingerprints and their supposed utility in security. Fingerprints are special in that they are unique to you and are tough to physically remove from your person - they follow you. However, there is nothing about them that makes them especially tough to copy or reproduce from a sample. Because they are tied to you, you leave samples of them everywhere and few people clean up all the samples they leave behind. It's still a cool convenience feature and something few snatch and grab jerks are going to exploit.
I'm boring as well and would probably have my phone remotely wiped within a few hours if it was swiped. I don't use it for banking or anything important. There is nothing stored on it of consequence other than my schedule and my family's addresses. My family all shoot competently and distrust strangers, so I'm not too worried.

Never judge a man, untill you have walked a mile in his shoes...
That way you'll be a mile away from him, and you'll have his shoes.

I'd say your iPhone 5s is WAY more secure than any phone you've ever had in your life.

No it's not (here, here) and until there are definitive reports that any one platform is objectively more secure and less vulnerable than the others (has anyone does an objective study including iOS 7?), it's impossible to make this claim without any qualifications. The inclusion of a fingerprint scanner and activation lock only limited access at a hardware level and do nothing to plug the bugs at the software level.

Quote:

Originally Posted by chas_m

Fingerprints and any other security methods can conceivably be "hacked" (not that its usually a practical or realistic "hack") but people who focus on that miss the point badly: your car can still get stolen even with the best alarm; your house can still get robbed even with every door locked and bolted. The idea is to REDUCE YOUR RISK by setting up enough barriers that a thief will go for the easier pickings. Between the passcode, fingerprint, Activation Lock and Find My iPhone, Apple has *successfully* reduced the attractiveness of stealing an iPhone. Without making it one bit harder for users to use. THAT is the point.

From a security standpoint, I can probably go along with this. From a position rooted in the realities of the iPhone's position in the (North American) market, not even close. Apple's continued mythologizing of the device and high level rhetoric about it's "purposefully imagined" existence and the inclusion of the "most advanced technology" (their words) only means that the allure is increased. Look at a typical university campus - no one is going to steal the ugly Lenovo machine on the desk if a Mac is there.

Seriously dude? SERIOUSLY? Your second link is just a gloss over of the first. Besides, what exactly are these "vulnerabilities" anyway? Just how are these actually being used? That article is big on claims, but does nothing to substantiate them. The comments on the ZDNET article call them out on it. I found this little gem from that article interesting:

"With Android devices, cybercriminals see less reason to look for vulnerabilities to penetrate smartphones, he added. Android's open platform already easily opens up for third party and malicious apps to be easily created for users to download, he explained."

Translation: Android is easily.... EASILY... compromised.

Quote:

...and until there are definitive reports that any one platform is objectively more secure and less vulnerable than the others (has anyone does an objective study including iOS 7?), it's impossible to make this claim without any qualifications. The inclusion of a fingerprint scanner and activation lock only limited access at a hardware level and do nothing to plug the bugs at the software level.

Apple has already plugged the lockscreen bugs. No others exist that I have read of, though it may take time to discover more. Otherwise, there is no malware on iOS (short of a couple proofs of concepts). Android is riddled with it. Also, remind me again of how long it took iOS 6 to be jailbroken? A process that requires vulnerabilities? And where are they with iOS 7? And for comparison, perhaps you can elaborate on how hard it is (or not hard) to root Android?

Quote:

From a security standpoint, I can probably go along with this. From a position rooted in the realities of the iPhone's position in the (North American) market, not even close. Apple's continued mythologizing of the device and high level rhetoric about it's "purposefully imagined" existence and the inclusion of the "most advanced technology" (their words) only means that the allure is increased. Look at a typical university campus - no one is going to steal the ugly Lenovo machine on the desk if a Mac is there.

If the Mac is worth more on the black market, then of course it will be more likely to get stolen. That has nothing to do with the security of the OS or the iPhone.

Seriously dude? SERIOUSLY? Your second link is just a gloss over of the first. Besides, what exactly are these "vulnerabilities" anyway? Just how are these actually being used? That article is big on claims, but does nothing to substantiate them. The comments on the ZDNET article call them out on it. I found this little gem from that article interesting:

Well, seeing as how I'm not making the claim in the affirmative, I shouldn't have to provide any evidence. However, here's a list of 302 common vulnerabilities and exposures in iOS.

Quote:

Originally Posted by lifeisabeach

"With Android devices, cybercriminals see less reason to look for vulnerabilities to penetrate smartphones, he added. Android's open platform already easily opens up for third party and malicious apps to be easily created for users to download, he explained." Translation: Android is easily.... EASILY... compromised.

I never brought Android into this but I'm glad you did because this makes it really easy for me. Android has 29 common vulnerabilities and exposures compared to iOS' 302 (source). At least numerically, you're wrong. At this point, I have to ask you: seriously? Unless you can prove that those are easier to hack, you might want to rethink your defensive tone. And, if you want to take up the claim that iOS is more secure than anything else, please provide some evidence. I'm also going to preempt the inevitable "Android is easy to hack" argument because not only is that irrelevant but, if you're going to make the claim that it's more secure than everything, provide evidence for everything.

Quote:

Originally Posted by lifeisabeach

Apple has already plugged the lockscreen bugs. No others exist that I have read of, though it may take time to discover more. Otherwise, there is no malware on iOS (short of a couple proofs of concepts). Android is riddled with it.

Once again, I never brought up Android nor did I bring up malware. Malware does not equal vulnerabilities (my original argument). At no point did I say that Android was free of malware nor did I ever say that iOS was riddled with it.

Quote:

Originally Posted by lifeisabeach

Also, remind me again of how long it took iOS 6 to be jailbroken? A process that requires vulnerabilities? And where are they with iOS 7? And for comparison, perhaps you can elaborate on how hard it is (or not hard) to root Android?

Equating rooting with jailbreaking is an invalid comparison since rooting is about gaining administrative privileges. What you've done here is effectively equated exploiting a vulnerability with getting the admin password for an account on a Mac. Here's something that explains your false comparison:

Quote:

Root access is sometimes compared to jailbreaking devices running the Apple iOS operating system. However, these are different concepts. In the tightly-controlled iOS world, technical restrictions prevent (1) installing or booting into a modified or entirely new operating system (a "locked bootloader" prevents this), (2) sideloading unsigned applications onto the device, and (3) user-installed apps from having root privileges (and are run in a secure sandboxed environment). Bypassing all these restrictions together constitute the expansive term "jailbreaking" of Apple devices. That is, jailbreaking entails overcoming several types of iOS security features simultaneously. By contrast, only a minority of Android devices lock their bootloaders—and many vendors such as HTC, Sony, Asus and Google explicitly provide the ability to unlock devices, and even replace the operating system entirely.[2][3][4] Similarly, the ability to sideload apps is typically permissible on Android devices without root permissions. Thus, primarily the third aspect of iOS jailbreaking, relating to superuser privileges, correlates to Android rooting.

I don't actually care about the answer to the question of "what is most secure" because not only does the answer change day to day but being smart can make any platform secure. I have no vested interest in taking a side here but rather, I'm interested in trying to unsettle any complacency about the security of iOS (and any other platform if that comes up) because nothing is more secure than everything else at all times in every circumstance. iOS has holes and hiding behind a veil of "Android is weak" does nothing to address the problems that iOS has.

I don't actually care about the answer to the question of "what is most secure" because not only does the answer change day to day but being smart can make any platform secure. I have no vested interest in taking a side here but rather, I'm interested in trying to unsettle any complacency about the security of iOS (and any other platform if that comes up) because nothing is more secure than everything else at all times in every circumstance. iOS has holes and hiding behind a veil of "Android is weak" does nothing to address the problems that iOS has.

And yet, in day to day usage, how exactly are these reported iOS vulnerabilities being exploited? If the OS itself is fundamentally insecure, then WHY is it not being exploited? You are making claims and providing "proof" that it is insecure, yet no real world evidence that these supposed insecurities are being exploited, despite "'Apple's continued mythologizing of the device and high level rhetoric about it's 'purposefully imagined' existence and the inclusion of the 'most advanced technology' (their words) only means that the allure is increased.'"

But ignoring the overall security argument for a minute, Van also seems to have ignored the very section I reposted a second time.

Sorry, dude, but you are NEVER going to convince me that an iPhone that has a complex passcode, Touch ID, Find My iPhone AND activation lock is less secure than a typical Android phone with a gesture lock and that's it.

The reason you're never going to convince is the same reason you're not going to convince me that the earth is flat in spite of the fact that I personally have never been in orbit.

But ignoring the overall security argument for a minute, Van also seems to have ignored the very section I reposted a second time.

Sorry, dude, but you are NEVER going to convince me that an iPhone that has a complex passcode, Touch ID, Find My iPhone AND activation lock is less secure than a typical Android phone with a gesture lock and that's it.

Did you read my post? I clearly said that I wasn't talking about malware...

Quote:

Originally Posted by chas_m

The reason you're never going to convince is the same reason you're not going to convince me that the earth is flat in spite of the fact that I personally have never been in orbit.

Saying that the Earth is flat is objectively wrong. Saying that iOS is, without question, more secure, is not. That's a false comparison.

As for your section:

Quote:

"Fingerprints and any other security methods can conceivably be 'hacked' (not that its usually a practical or realistic "hack") but people who focus on that miss the point badly: your car can still get stolen even with the best alarm; your house can still get robbed even with every door locked and bolted. The idea is to REDUCE YOUR RISK by setting up enough barriers that a thief will go for the easier pickings. Between the passcode, fingerprint, Activation Lock and Find My iPhone, Apple has *successfully* reduced the attractiveness of stealing an iPhone. Without making it one bit harder for users to use. THAT is the point."

I highlighted the very important part of your own words. At no point did I say that anything was impervious to vulnerabilities nor did I ever make the claim that anything else was perfect. Indeed, the only thing companies can do is reduce the entry points for vulnerabilities and plug them when they appear. The same goes for any platform.

I don't understand the defensiveness in the responses here - I'm pointing out the realities of vulnerabilities (which keep getting conflated with either malware or passcode access, neither of which have anything to do with vulnerabilities by the way in and of themselves). I'm not trying to make the claim that any platform is better than any other (despite the repeated attempts to drag Android into the discussion). In fact, all I'm trying to do is shine a light on the reality of the existence of vulnerabilities. You can make the claim that they're not exploited but that's just silly. That's akin to walking into a room with people who have the flu and saying "I haven't taken my flu shot but I don't have the flu so everything is fine." If you want to take that approach, so be it. However, it would seem more prudent to realize the CVE realities of each platform we use, whether or not it's likely or not. As I mentioned above, they are used in the real world - this is how jailbreaks work (again, I'm not talking about malware).

At the base level, I agree that iOS is probably more secure in real world conditions but I'm not going to espouse perfection or a rhetoric of safety. As long as iOS has a long list of vulnerabilities (as with any other platform), there's no point in saying that it is, without question, more secure than anything else.

And again, because my argument doesn't seem to be clear (I'm trying to make this as clear as possible): malware is not the same thing as a vulnerability and iOS has vulnerabilities (whether you choose to acknowledge them or not).

I'm not jumping into this fight, but just as a fact-checker, when vansmith cited the 302 vulnerabilities

Quote:

However, here's a list of 302 common vulnerabilities and exposures in iOS.

he forgot to mention that not all of them are in fact in IOS, and none of them (at this point) are for IOS7. Not to say there aren't any in IOS 7, but at this point they aren't on that list that I could find. And only 6 of those vulnerabilities had exploits, all of them against iPhones/IOS older than 4.0.2. No exploits since then. As for the utility of fingerprint access, the fact that the iPhone has it makes it more likely that people will use it, and any security is better than no security. I am one of those who turned off the security passcode on every iphone I've had because I didn't want to be fussed with entering it every time I wanted to use it. If the fingerprinting on the 5s works as advertised and described, I'll leave it on because it's easy to use. I already press the Home button to open the phone anyway, so it's no additional steps to let the fingerprint thing do what it does. And that is the single best benefit of the fingerprint, that more people will be inclined to use it because it's easy.

I'm not jumping into this fight, but just as a fact-checker, when vansmith cited the 302 vulnerabilities he forgot to mention that not all of them are in fact in IOS, and none of them (at this point) are for IOS7. Not to say there aren't any in IOS 7, but at this point they aren't on that list that I could find. And only 6 of those vulnerabilities had exploits, all of them against iPhones/IOS older than 4.0.2. No exploits since then.

Good find. Who doesn't appreciate a good fact check?

My only comment to that is that this doesn't negate my argument (they've been and remain present, regardless of version) and I imagine that, since it's a piece of software like any other, vulnerabilities will surface. However, a lack of them now is better than having them now.

Quote:

Originally Posted by MacInWin

As for the utility of fingerprint access, the fact that the iPhone has it makes it more likely that people will use it, and any security is better than no security. I am one of those who turned off the security passcode on every iphone I've had because I didn't want to be fussed with entering it every time I wanted to use it. If the fingerprinting on the 5s works as advertised and described, I'll leave it on because it's easy to use. I already press the Home button to open the phone anyway, so it's no additional steps to let the fingerprint thing do what it does. And that is the single best benefit of the fingerprint, that more people will be inclined to use it because it's easy.

Couldn't agree more. As we all know, people are generally lazy when it comes to security and having something simple is a great way to get around this (however much changing people's mindset would be a better option).